The present invention generally relates to authenticating an entity and granting access to a controlled resource and, in particular, to authenticating the entity utilizing secure electronic communications and one or a plurality of different authentication factors.
Access to various controlled resources such as buildings, financial accounts and confidential information/data is provided by numerous techniques, ranging from physical keys, such as the common house key, to security cards and personal identification numbers (PIN), such as the typical bank account ATM card. Keys and low security cards merely require possession of the key or card by the party desiring access to the controlled resource. The mere possession of the key or card thus provides one factor for authenticating access, hereinafter “authentication factor”. This authentication factor could be used for example, in granting access to a security gate around a physical plant or access to a parking lot to the plant. Often, the access into the lot or gate is just the first desired level of security. Authenticating access to specific buildings can require a second or stronger authentication factor in addition to the simple key or card.
Requiring additional information, in addition to just possession of the key/card can provide the second authentication factor. An ATM card or credit card typically requires both possession of the card and knowledge of personal or secret information, such as the PIN. By requiring both possession of a card and knowledge of the personal/secret information the second authentication factor can be provided. For example, authenticating access to a specific building can require both possession of the card and then entry of the PIN. For authenticating access to specific rooms within the building or computer access, a further authentication factor can be required, such as inputting personal information/data relating to characteristics of the requesting entity themselves.
This higher/stronger authentication factor then requires entry of something the party is, such as biometric information, for example fingerprints, voice data or a retinal scan or combinations thereof. This higher authentication factor requires possession of a card, knowledge of information (PIN) and presentation of the personal biometric information. This biometric input can be required for authenticating entry into specific rooms, such as accounting, computer center, etc. A further biometric entry could be required for authenticating access to not just read the accounting information or use the computers, but to change the accounting information or to have access to particular databases within the computer or computer system.
Another type of authentication factor can be provided by a security profile of the card or device itself. The cards or devices can be manufactured in secure facilities providing a manufacturing history, can be manufactured with a variety of security characteristics, which protect the card from being analyzed or otherwise attacked to obtain the information stored therein and can include various authentication capabilities. The security characteristics themselves then can be utilized as another authentication factor in authenticating access or can be used in combination with the other authentication factors.
It would be desirable to utilize one or more of these authentication factors over an unsecured communication medium, such as the Internet to provide access authentication to a requesting entity. Further, most controlled resources currently include some type of access authentication combined with some type of access authorization/control for granting access to the controlled resource. The access authorization/control systems can be very complex and include numerous well known types of systems. It would be desirable to utilize one or more of the referenced authentication factors for access authentication of the requesting entity in combination with the access authorization/control of the controlled resource to grant access. In some instances, it would further be desirable for the access authentication component to also be used in place of the separate access authorization/control system to both authenticate the entity and to grant access.
As used herein, an electronic communication (“EC”) is considered to be any communication in electronic form. ECs have become an integral part of transacting business today, especially with the growth of the Internet and e-commerce. An EC can represent, for example, a request for access to information or a physical space or a financial transaction, such as an instruction to a bank to transfer funds.
Over recent years, digital signatures also have become an important part of e-commerce. The origination of a digital signature generally includes: (1) the calculation of a message digest—such as a hash value; and (2) the subsequent encryption of the message digest. The message digest is digitally signed by an electronic device using a private key (PrK) of a key pair used in public-private key cryptography (also known as asymmetric cryptography). The resulting ciphertext itself usually constitutes the digital signature, which typically is appended to the message to form the EC. The second part of originating the digital signature-using encryption with a private key-is referred to herein as “generating” the digital signature, and the combined two steps is referred to herein as “originating” the digital signature. Furthermore, while the generation of the digital signature is conventionally understood as the encryption of the message digest, it is contemplated herein that generating the digital signature also may include simply encrypting the message rather than the message digest. Digital signatures are important because any change whatsoever to the message in an EC is detectable from an analysis of the message and the digital signature. Decryption of the message is accomplished by using the public key (PuK), as is well known.
For example, a message digest may be calculated by applying a hashing algorithm—such as the SHA-1 algorithm—to the message. The hashing algorithm may be applied either within the device or external to the device with the resulting hash value then being transmitted to the device for generation of the digital signature. In order to perform Message Authentication, the recipient of the EC (in this case, the authenticating component) must know or be able to obtain both the identity of the hashing algorithm applied to the message as well as the public key (“PuK”) corresponding to the private key used to encrypt the message digest. With this knowledge, the authenticating component applies the appropriate hashing algorithm to the message to calculate a hash value, and the authenticating component decrypts the digital signature using the public key. If the hash value calculated by the authenticating component equals the hash value of the decrypted digital signature, then the authenticating component determines that the content of the message contained in the EC was not altered in transmission, which necessarily would have changed the hash value.
A digital signature also enables an authenticating component to authenticate the sender of the EC, which is another valuable tool for determining whether the requesting entity should be given access to the control resource. For example, performing Message Authentication enables the authenticating component to authenticate the sender of the EC to the extent that the authenticating component thereby confirms that the sender of the EC possessed the private key corresponding to the public key used successfully to authenticate the message. This is one type of entity authentication and is based on what the requesting entity “has” (hereinafter referred to as “Factor A Entity Authentication”). Factor A Entity Authentication is useful when the authenticating component has trusted information regarding the identity of the owner of the private key. Such trusted information may arise from a digital certification issued by a trusted third party that accompanies the EC and binds the identity of the private key owner with the public key, or such trusted information may arise from actual knowledge of the identity of the private key owner, such as in the case where the authenticating component itself has issued the private key or device containing the private key to the owner.
To guard against fraudulent use of a device through theft of the device itself, a personal identification number (PIN), password, or passphrase (collectively referred to herein as a “Secret”) is typically prestored within the device and must be input into the device before it will operate to generate digital signatures. Alternatively, the Secret is shared with the authenticating component beforehand and, when the EC later is sent to the authenticating component, the Secret also is sent to the authenticating component in association with the message. In the first case, verification of the Secret authenticates the user of the device (hereinafter “User Authentication”), and in the second case, verification of the Secret authenticates the sender of the EC (hereinafter “Sender Authentication”). In either case, confirmation of the Secret represents entity authentication based on what the requesting entity “knows” (hereinafter “Factor B Entity Authentication”). The transmission of the Secret in a M may require encryption of the Secret to prevent divulging of the Secret.
Another countermeasure against fraudulent use of the device through physical theft includes the verification of a biometric characteristic-like a fingerprint—of the user of the device or sender of the EC. This type of authentication is based on what the requesting entity “is” (hereinafter “Factor C Entity Authentication”). As with the Secret, a biometric value is either maintained within the device for User Authentication, or is shared with the authenticating component beforehand for Sender Authentication by the authenticating component.
Notwithstanding all of the above, there is a currently a need for a system in which the requesting entity and the device used by the requesting entity to generate a digital signature for an EC representing a request for access to a controlled resource are “linked” with an account in an account database maintained by the authenticating component whereby the requesting entity pre-registers the public key corresponding with the private key retained securely within the device with the authenticating component and whereby the authenticating component is able to perform Factor A Entity Authentication based on a digital signature generated by the device.
Additionally, a need exists for a system that provides for both User Authentication as well as for Sender Authentication using either or both of Factor B Entity Authentication and Factor C Entity Authentication, and all without requiring the authenticating component to safeguard either a Secret or a biometric value. In this regard, a need exists for such a system in which Factor B Entity Authentication and Factor C Entity Authentication can be reliably inferred by the authenticating component without the authenticating component being privy to the authenticating information, thereby addressing privacy concerns. Furthermore, a need exists in such a paradigm for the authenticating component to be able to determine, in its own subjective business judgment, what constitutes a successful biometric match when Factor C Entity Authentication is used. A need also exists for such a paradigm in which the authenticating component is able to monitor repeated attacks on a device to guess a Secret or a biometric value, and for such a paradigm that further accommodates the use of a single device for the sending of ECs to various, unrelated authenticating components.
Further, a need exists for a system by which the security features and manufacturing history of a device are securely linked with the device whereby the authenticating component is able to determine reliably the likelihood or risk that the device used to generate a digital signature for a message that authenticates is not a counterfeit.
Accordingly, a need exists for the capability to utilize a secure EC in an insecure communication medium to provide the desired authentication factors to authenticate access to controlled resources, in combination with or in place of access authorization/control systems which grant access to the controlled resources.